<div class="gmail_quote"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div>I'm new to this WinPcap library.<br>Currently I'm using WinPcap <span style="font-weight: bold;">4.0.1</span> in my VC++ compiler.<br>
I have to filter the TCP packets holding the SYN flag.<br><br><br>Whenever I try using the filter string "tcp[13] & 0x02 != 0", it just hangs in the pcap_next_ex() function. It is still waiting for the packets to come.<br>
But I'm getting the SYN packets in my Ethereal running at the same time.<br>I also tried "tcp[tcpflags] & tcp-syn != 0" and "tcp port 8080 and tcp-syn". None of them work.<br>I didn't get any error message while compiling and setting the filter.<br>
<br>But it works fine with the filter strings "tcp" and "tcp port 8080".<br><br>Is this the correct expression for what I'm looking for?<br>It would be great if anybody could help me with this.</div>
</blockquote><div><br>Briefly:<br><br>- The first two filter expressions worked for me, although I only tried on a trace file, but that shouldn't matter.<br> (pcap version = 4.0.0.1040)<br><br>- After examining the BPF program code, they probably won't work if you are running on a VLAN.<br>
(or perhaps a number of other network types)<br><br>- Suggestion: try testing your filter with a trace file first. Grab one from <a href="http://wireshark.org">wireshark.org</a> if necessary.<br> (Note: the protocol stack that worked for me was the simple ETH:IP:TCP)<br>
<br>Good luck.<br><br>john<br></div></div><br>
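<div>An added example, not part of the original thread: a Python emulation of the fixed-offset checks that the BPF program compiled for "tcp[13] & 0x02 != 0" performs on an Ethernet link, run against constructed frames to show why an 802.1Q tag makes the filter miss SYN packets. The names build_frame and syn_filter are hypothetical, and the frames are built inline rather than captured.</div>

```python
import struct

def build_frame(tcp_flags, vlan_id=None):
    """Constructed ETH[:VLAN]:IP:TCP frame (sample data, not a capture)."""
    eth = bytes(12)                                   # dst + src MAC, zeroed
    if vlan_id is not None:
        eth += struct.pack("!HH", 0x8100, vlan_id)    # 802.1Q tag (4 bytes)
    eth += struct.pack("!H", 0x0800)                  # EtherType: IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 8080, 0, 0, 5 << 4,
                      tcp_flags, 8192, 0, 0)
    return eth + ip + tcp

def syn_filter(pkt, vlan=False):
    """Same checks, in the same order, as the compiled filter on Ethernet.

    vlan=True models prefixing the expression with libpcap's 'vlan'
    primitive, which tests for the tag and shifts later offsets by 4.
    """
    l2 = 14                                           # plain Ethernet header
    if vlan:
        if len(pkt) < 14 or struct.unpack_from("!H", pkt, 12)[0] != 0x8100:
            return False
        l2 = 18
    if len(pkt) < l2 + 20:
        return False
    if struct.unpack_from("!H", pkt, l2 - 2)[0] != 0x0800:   # ldh [12]
        return False                                  # a VLAN tag fails here
    if pkt[l2 + 9] != 6:                              # ldb [23]: protocol TCP
        return False
    if struct.unpack_from("!H", pkt, l2 + 6)[0] & 0x1FFF:    # ldh [20]
        return False                                  # non-first fragment
    ihl = (pkt[l2] & 0x0F) * 4                        # ldxb 4*([14]&0xf)
    off = l2 + ihl + 13                               # tcp[13]: flags byte
    return off < len(pkt) and bool(pkt[off] & 0x02)   # jset #0x2 (SYN)

if __name__ == "__main__":
    for name, frame in [("plain SYN", build_frame(0x02)),
                        ("plain ACK", build_frame(0x10)),
                        ("VLAN SYN", build_frame(0x02, vlan_id=100))]:
        print(name, syn_filter(frame), syn_filter(frame, vlan=True))
```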